[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fw: IPSec vs. SSL

>To me, the difference is ease of deployment versus scope of protection.
>SSL is easier to deploy, because it lives solely at user level.  It
>does not need any kernel mods, source code, etc., and is reasonably
>portable between operating systems.

>On the other hand, with SSL you have to secure one application at a
>time.    You can't protect entire subnets.  There are trivial
>denial of service attacks by active attackers; they simply need to
>inject a single TCP packet.  And there's no way to protect UDP.

I agree that those are the main and key issues.  
There are two other problems with SSL that I bring up in my class (warning
students that these are largely "academic" issues):

1) The key generation in SSL is done by one party, not two, and therefore
defects in implementation (such as Netscape had) have especially large effects;
with IPSEC, the two parties both contribute equally to key generation which
would tend to mitigate these effects (perhaps). 

2) The secrecy of an SSL conversation is dependent on the private key of the
server (assuming one-way authentication) being FOREVER kept secret; if the
private key is exposed, then all old "taped" SSL conversations can be played
back and decoded; with IPSEC, the encryption key could be compromised, but in
practice such keys are unlikely to be in some persistent storage.  Ergo, if I
broke into a web server and grabbed the private key, all conversations would be
exposed to me.  Quick question: how often when a web server is "defaced" do you
think the owners think to generate new private keys? 


Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 x101 (v) +1 520 324 0495 (FAX)  
jms@Opus1.COM    http://www.opus1.com/jms    Opus One